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DETAILED ACTION 

Continued Examination Under 37 CFR 1. 1 14 

1 . A request for continued examination under 37 CFR 1.114, including the 
fee set forth in 37 CFR 1 .17(e), was filed in this application after allowance or 
after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 
(Comm'r Pat. 1935). Since this application is eligible for continued examination 
under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely 
paid, prosecution in this application has been reopened pursuant to 37 CFR 
1.114. Applicant's submission filed on 11/19/2010 has been entered. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on 1 1/19/2010 is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the information 
disclosure statement is being considered by the examiner. See attached for 
PTO-1449. 



Response to Arguments 



4. Applicant argues that the new claims include the same features as the 
previously allowed claims. The new claims include the feature of: 
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"determining, for at least one response received from the approvers, 
whether it remains possible for a quorum of the approvers to approve the 
requested security change". 

After reviewing the associated part of the specification relative to said feature, it 
was determined that, any system that stops the approval process once it is 
determined that one of the critical approvals have rejected the request, would 
disclose such feature. After further review of the prior art, it was determined that 
paragraph [0089] of Morinville (US Patent Application Publication No. 
2002/0062240) teaches such scenario. In light of such disclosure by prior art, it is 
also determined that other claims are also made obvious by the prior art. 
Accordingly, all claims are rejected as follows. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

6. Claim 49 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Said claim is directed to a method 
without being tied to a machine or manufacture. Note that claim 1 is tied to an 
electronic file store, as it requires receiving a file from the electronic file store. 



Claim Rejections - 35 USC §103 
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7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 



8. Claims 1 , 4, 1 5, 30, 37, 38, 45 and 46, 49-51 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Futugami et al. (US Patent No. 
6754665, filed June, 2000), hereinafter called Fug, in view of Kleckner and 
further in view of Morinville (US Patent Application Publication No. 
2002/0062240, published May 23, 2002). 



8.1 . As per claims 1,15, 30, 45 and 46 Fug is directed to a system for 
approving security change (see figures 18-21 and associated text, describing a 
system for providing personal information between a management server 6 and a 
client terminal (access requester) which has issued a retrieval request and 
between the management server 6 and a client terminal of a user (personal 
information owner) whose personal information is requested. The system 
describes a situation where the information requestor requests a change in 
permission to access user personal information (restriction removal inquiry). 
Column 18 line 27 to col. 20 line 67, and particularly col. 20 lines 60-67 teaches 
that a request for change in permissions to access user data is sent from a 
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requestor and approved. User personal information is stored in a file (see for 
example col. 18 lines 7-25), and the file system is secured. The file system is 
secured because accessing to information requires authentication. Also see col. 
17 line 62 to col. 18 line 37, where the personal information is stored on vcards, 
which is a file. Therefore, Fug teaches a system for receiving a request for the 
security change from a requestor, the security change being used for determining 
access rights to comprising permission to retrieve an electronic file from within a 
secure file store); 

Also, Kleckner is directed to a method for approving a security change (parag. 
1 27 to 1 32) for a file security system that secures electronic files (per abstract, 
Kleckner provides a system that uses digital signatures to validate an 
amendment to a financial transaction. Parag. 135 shows that the transactions are 
performed using records (files) that are secured using digital signatures.), said 
method comprising: receiving a requested security change from a requestor 
(parag. 131 , where the new policy is communicated to a second security officer), 
the security change being used for determining access rights to an electronic file 
(paragraphs 1 34 and 1 35 show that the transaction record status is changed, 
pending valid approvals. Therefore, Kleckner teaches control access to the 
transaction record (electronic file)); identifying a plurality of approvers to approve 
or disapprove of the requested security change (the second security officer who 
verifies the change. Note that per parag. 131, at least one officer is required to 
review, therefore suggesting a plurality of reviewers.) by accessing an approver 
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set in an approval manager module (Kleckner teaches identifying approvers, but 
it does not explicitly teach an approval manager module that identifies the 
approvers. Morinville teaches a Build process (paragraph 0087 and Fig. 9) where 
the request for approval is built and the list of approvers is identified. Kleckner 
and Morinville are analogous art, as they are both directed to the process of 
obtaining approvals for change in a process. At the time of invention, it would 
have been obvious to the one skilled in art to include the process of approver 
identification as taught by Morinville, in Kleckner's system. The motivation to do 
so would have been to facilitate the creation of the approval process in 
Kleckner's system by using a system that allows creation of detailed and flexible 
approval process.); notifying the approvers of an approval request for the 
requested security change (Kleckner parag. 131 as discussed above); 
determining whether the requested security change is approved based on 
responses from the approvers to the approval request (parag. 131 where the 
second security officer signs and stores the new policy in the database); and 
performing the requested security change when said determining determines that 
the requested security change has been approved (parag. 132). 

Morinville paragraph [0089] also teaches determining, for at least one response 
received from the approvers, whether it remains possible for a quorum of the 
approvers to approve the requested security change (see applicant disclosure at 
paragraph [0051] regarding the limitation, and note that Morinville paragraph 
[0089] teaches that the process of approval stops when it is determined that one 
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of the necessary approvers has rejected the request. This means that the system 
determines, based on an approver decision (the one that rejected the request), 
whether it remains possible for the quorum to approve the request or not. 

Fug and Kleckner in view of Morinvile are also analogous art, as they are both 
directed to system for controlling access to information. At the time of invention it 
would have been obvious to implement the approval process of Kleckner in view 
of Morinvile in the system of Fug, which manages permissions for providing 
personal information. The motivation would have been to improve the change 
inquiry process of Fug such that permission is allowed when a group of 
approvers approve the change request. This way a user may rely on approvers' 
expertise to decide if he/she should allow access to his/her personal information. 

8.2. With regards to claim 4, Kleckner and Morinville are directed to a method 
as recited in claim 1, wherein determining whether the requested security 
change in approved includes determining that no one of the plurality of 
approvers is authorized to individually approve the requested security change 
(Kleckner parag. 130). 

8.3. With regards to claims 37 and 38, Fug teaches a scenario where the 
personal information is stored on the requestor (Figure 4 and associated text 
shows user transmits its own information to a server. Therefore, the information 
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is stored on the user side. This makes it obvious to use the system to manage 
information and permissions to access information on client's own computer.) 
and a scenario where the personal information is store on the server 6 (see 
figures 9 and 18 and associated text). 

8.4. As admitted by the applicant, the requirements of claims 49-51 are similar 
to the independent claims. 

9. Claims 2, 3, 5-14,16,1 8-29, 31 -36, 47 and 48 are rejected under 35 
U.S.C. 103(a) as being unpatentable over the combination of Fug, Kleckner and 
Morinville as applied to claims 1,4, 15 and 30 above, and further in view of Gune 
et al. (US Patent No. 7,131 ,071 , filed March 29, 2002). 

10. With regards to claims 2, 3, 5-14, Fug and Kleckner in view of Morinville is 
directed to the method of claim 1 and teaches an approval process to control 
changes to security policies. However, Fug and Kleckner in view of Morinville 
does not discuss all the additional details related to the approval process as 
required by the dependent claims. 

Kleckner, however, does require establishment of an approval process to 
perform trade approval, as well as an approval process to make changes to 
security policies. Therefore, a system capable of creating a detailed approval 
process would improve the system taught by Kleckner because it facilitates 
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creation of the approval process required in Kleckner, and also makes creation of 
the approval process more flexible and efficient. 

Gune's invention is directed to a facility for defining an approval process 
(abstract) for approving different types of requests. Gune's system allows 
defining the details of elements of the approval process. At the time of invention, 
it would have been obvious for a person skilled in art to integrate Gune's facility, 
which allows detailed and flexible creation of an approval process (see for 
example col. 2 line 53 to col. 3 line 40), in the system of Kleckner to allow 
creation of a detailed approval process. As mentioned above, the motivation to 
do so would have been to facilitate the creation of the approval process in 
Kleckner's system by using a system that allows creation of detailed and flexible 
approval process. 

The combined system of Fug, Kleckner, Morinville and Gune is directed to 
limitations of the claims as follows: 

1 0.1 . With regards to claims 2 and 3, transmission of notification to the 
approvers, and reception of their response using email is suggested by Kleckner 
col. 1, lines 25 to 37. 

1 0.2. With regards to claim 5, Gune teaches arrangement of approvers in sets 
in col. 11 lines 18-25. 
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1 0.3. With regards to claim 6, Kleckner col. 9 lines 1 2 to 51 describes the AND 
approval process element, which requires two or more paths (approval process 
elements) to be approved independently so the overall process could be 
approved. Moreover, Fig. 21 describes an example showing each element (which 
could be a group, as discussed in rejection of claim 5) required to be approved 
independently for the entire process to be approved. Therefore, Gune teaches 
approval determining requiring approval from more than one plurality of groups. 

1 0.4. As per claim 7, Gune col. 1 lines 36 to 44 shows a hierarchical approval 
process, which progression to a next level of hierarchy requires approval from 
the current level. 

1 0.5. With regards to claim 8, the security officers of Kleckner are users of the 
security system as they use the system to secure the transactions. 

1 0.6. With regards to claim 9, Gune col. 1 3, lines 33 to 43 indicates that subset 
of each element, which includes the group element could be used to define the 
approval process. Therefore, Gune teaches an approval process wherein a 
subset of set of approvers can approve the request. 

1 0.7. With regards to claim 1 0, Gune col. 1 2 lines 3 to 1 2 describes creating an 
approval process relative to the type of request. Therefore, Gune teaches an 
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approval process wherein the selected elements (approvers) are dependent on 
the type of request. 

1 0.8. With regards to claim 1 1 , Gune col. 1 0, lines 30-35 teaches selecting an 
approver based on its position relative to the creator of the request. Therefore 
Gune teaches and approval process wherein the approvers are identified 
depending on the requestor. 

1 0.9. With regards to claims 1 2 and 1 3, Gune col. 3, lines 1 9-27 teach 
simultaneous and concurrent notification of approvers. 

10.10. With regards to claim 14, Kleckner teaches a system for securing trade 
records, which are electronic documents. 

1 0.1 1 . With regards to claim 1 6, Kleckner teaches the importance of separation 
of duties, and also teaches the security policy changes approval by a security 
officer and not the administrator. Therefore, Kleckner teaches an approval 
manager who changes approval process without any interaction form 
administrator(s). 

1 0.1 2. With regards to claim 1 9, use of digital signatures to authenticate the 
sender of an email message was well-known to a person skilled in art at the time 
of invention. 
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1 0.1 3. With regards to claims 20 and 29, a key store connected to the system 
that uses digital signatures is inherent to systems using digital signature because 
keys are integral parts of digital signatures. 

10.14. The limitations of the following claim are substantially the same as the 
corresponding claim: 

Claims 18 and 31 correspond to claim 2 
Claims 19 and 32 correspond to claim 3 
Claims 21 and 33 correspond to claim 4 
Claim 22 corresponds to claim 5 
Claim 23 corresponds to claim 6 
Claim 24 corresponds to claim 7 
Claim 25 corresponds to claim 8 
Claim 26 corresponds to claim 9 
Claim 27 corresponds to claim 10 
Claim 28 corresponds to claim 1 1 

10.15. The limitations of claims 34-36 are substantially the same as limitations of 
claims 2, 3, and 4 sequentially, with the added limitation that if there is no 
approval required, the request is granted without the need to obtain approvals. 
This limitation is taught by Morinville paragraphs 77 or 86. 
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1 0.1 6. Claims 47 and 48 are dependent on claims 34 and 36, with added 
limitation similar to claim 45. 

10.17. With regards to claims 39-44, the claims are dependent on independent 
claims discussed above with the added limitation of: determining, for at least one 
response received from the approvers, whether it is possible for a quorum of the 
approvers to approve the requested security change. 

As discussed regarding the independent claims, the prior art teaches that the 
requested security change will happen when a quorum of approvers approve the 
request. Therefore, once the approval is indicated by the approvers, it makes it 
obvious to determine that it is possible for the quorum of approvers to approve 
the security change. This is because the quorum of approvers has already 
approved the request. See also the Response to Arguments section in the last 
Final rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Farid Homayounmehr whose telephone 
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number is 571 272 3739. The examiner can normally be reached on 9 hrs Mon- 
Fri, off Monday biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kambiz Zand can be reached on (571) 272-381 1 . The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 

/Farid Homayounmehr/ 
Primary Examiner 
Art Unit: 2434 



